24 files changed, 71 insertions, 2 deletions

diff --git a/templates-cfg/system/conntrack/log/icmp/destroy/node.def b/templates-cfg/system/conntrack/log/icmp/destroy/node.def
new file mode 100644
index 0000000..286764c
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/icmp/destroy/node.def
@@ -0,0 +1 @@
+help: Log deletion of ICMP connections
diff --git a/templates-cfg/system/conntrack/log/icmp/new/node.def b/templates-cfg/system/conntrack/log/icmp/new/node.def
new file mode 100644
index 0000000..dfc19ff
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/icmp/new/node.def
@@ -0,0 +1 @@
+help: Log newly created ICMP connections
diff --git a/templates-cfg/system/conntrack/log/icmp/node.def b/templates-cfg/system/conntrack/log/icmp/node.def
new file mode 100644
index 0000000..52b219b
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/icmp/node.def
@@ -0,0 +1 @@
+help: Log connection tracking events for ICMP 
diff --git a/templates-cfg/system/conntrack/log/icmp/update/node.def b/templates-cfg/system/conntrack/log/icmp/update/node.def
new file mode 100644
index 0000000..1282f29
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/icmp/update/node.def
@@ -0,0 +1 @@
+help: Log updates to ICMP connections
diff --git a/templates-cfg/system/conntrack/log/node.def b/templates-cfg/system/conntrack/log/node.def
new file mode 100644
index 0000000..cb7521a
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/node.def
@@ -0,0 +1,35 @@
+help: Log connection tracking events per protocol
+priority: 219 # failure at log shouldnt fail conntrack 
+end:
+if [[ ${COMMIT_ACTION} != 'DELETE' ]]
+then
+  declare -a ARR;
+  declare -a EVENTS;
+  declare -a STATES;
+  eval "ARR=($(cli-shell-api listNodes system conntrack log))";
+  if [ "${#ARR[@]}" == "0" ]; then
+    echo Protocol must be specified for log;
+    exit 1;
+  fi
+  for var in "${ARR[@]}"
+  do
+    eval "EVENTS=($(cli-shell-api listNodes system conntrack log $var))";
+    if [ "${#EVENTS[@]}" == "0" ]; then
+      echo Event must be specified for specified protocol $var;
+      exit 1;
+    fi
+    if [ "$var" == "tcp" ]; then
+      for i in "${EVENTS[@]}"
+      do
+        if [ "$i" == "update" ]; then
+          eval "STATES=($(cli-shell-api listNodes system conntrack log $var $i))";
+          if [ "${#STATES[@]}" == "0" ]; then
+            echo State must be specified for specified protocol-event $var $i;
+            exit 1;
+          fi
+        fi
+      done
+    fi
+  done
+fi
+sudo /opt/vyatta/sbin/vyatta-update-conntrack-log.pl
diff --git a/templates-cfg/system/conntrack/log/other/destroy/node.def b/templates-cfg/system/conntrack/log/other/destroy/node.def
new file mode 100644
index 0000000..fadd0b2
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/other/destroy/node.def
@@ -0,0 +1 @@
+help: Log deletion of connections for all protocols
diff --git a/templates-cfg/system/conntrack/log/other/new/node.def b/templates-cfg/system/conntrack/log/other/new/node.def
new file mode 100644
index 0000000..1ad7b76
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/other/new/node.def
@@ -0,0 +1 @@
+help: Log newly created connections for all protocols
diff --git a/templates-cfg/system/conntrack/log/other/node.def b/templates-cfg/system/conntrack/log/other/node.def
new file mode 100644
index 0000000..f41584a
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/other/node.def
@@ -0,0 +1 @@
+help: Log connection tracking events for all protocols other than TCP, UDP and ICMP
diff --git a/templates-cfg/system/conntrack/log/other/update/node.def b/templates-cfg/system/conntrack/log/other/update/node.def
new file mode 100644
index 0000000..a448989
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/other/update/node.def
@@ -0,0 +1 @@
+help: Log updates to connections for all protocols
diff --git a/templates-cfg/system/conntrack/log/tcp/destroy/node.def b/templates-cfg/system/conntrack/log/tcp/destroy/node.def
new file mode 100644
index 0000000..5389848
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/destroy/node.def
@@ -0,0 +1 @@
+help: Log deletion of TCP connections 
diff --git a/templates-cfg/system/conntrack/log/tcp/new/node.def b/templates-cfg/system/conntrack/log/tcp/new/node.def
new file mode 100644
index 0000000..454c3ae
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/new/node.def
@@ -0,0 +1 @@
+help: Log newly created TCP connections
diff --git a/templates-cfg/system/conntrack/log/tcp/node.def b/templates-cfg/system/conntrack/log/tcp/node.def
new file mode 100644
index 0000000..eb9241d
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/node.def
@@ -0,0 +1 @@
+help: Log connection tracking events for TCP 
diff --git a/templates-cfg/system/conntrack/log/tcp/update/close-wait/node.def b/templates-cfg/system/conntrack/log/tcp/update/close-wait/node.def
new file mode 100644
index 0000000..65cb02f
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/update/close-wait/node.def
@@ -0,0 +1 @@
+help: Log updates to TCP connections in CLOSE_WAIT state
diff --git a/templates-cfg/system/conntrack/log/tcp/update/established/node.def b/templates-cfg/system/conntrack/log/tcp/update/established/node.def
new file mode 100644
index 0000000..129cc6c
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/update/established/node.def
@@ -0,0 +1 @@
+help: Log updates to TCP connections in ESTABLISHED state
diff --git a/templates-cfg/system/conntrack/log/tcp/update/fin-wait/node.def b/templates-cfg/system/conntrack/log/tcp/update/fin-wait/node.def
new file mode 100644
index 0000000..7e50c9b
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/update/fin-wait/node.def
@@ -0,0 +1 @@
+help: Log updates to TCP connections in FIN_WAIT state
diff --git a/templates-cfg/system/conntrack/log/tcp/update/last-ack/node.def b/templates-cfg/system/conntrack/log/tcp/update/last-ack/node.def
new file mode 100644
index 0000000..3ea7566
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/update/last-ack/node.def
@@ -0,0 +1 @@
+help: Log updates to TCP connections in LAST_ACK state
diff --git a/templates-cfg/system/conntrack/log/tcp/update/node.def b/templates-cfg/system/conntrack/log/tcp/update/node.def
new file mode 100644
index 0000000..dabd832
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/update/node.def
@@ -0,0 +1 @@
+help: Log updates to TCP connections
diff --git a/templates-cfg/system/conntrack/log/tcp/update/sync-received/node.def b/templates-cfg/system/conntrack/log/tcp/update/sync-received/node.def
new file mode 100644
index 0000000..421a675
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/update/sync-received/node.def
@@ -0,0 +1 @@
+help: Log updates to TCP connections in SYN_RECV state 
diff --git a/templates-cfg/system/conntrack/log/tcp/update/time-wait/node.def b/templates-cfg/system/conntrack/log/tcp/update/time-wait/node.def
new file mode 100644
index 0000000..0597a97
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/tcp/update/time-wait/node.def
@@ -0,0 +1 @@
+help: Log updates to TCP connections in TIME_WAIT state
diff --git a/templates-cfg/system/conntrack/log/udp/destroy/node.def b/templates-cfg/system/conntrack/log/udp/destroy/node.def
new file mode 100644
index 0000000..8441bdb
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/udp/destroy/node.def
@@ -0,0 +1 @@
+help: Log deletion of UDP connections
diff --git a/templates-cfg/system/conntrack/log/udp/new/node.def b/templates-cfg/system/conntrack/log/udp/new/node.def
new file mode 100644
index 0000000..95de0f9
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/udp/new/node.def
@@ -0,0 +1 @@
+help: Log newly created UDP connections
diff --git a/templates-cfg/system/conntrack/log/udp/node.def b/templates-cfg/system/conntrack/log/udp/node.def
new file mode 100644
index 0000000..b8eea26
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/udp/node.def
@@ -0,0 +1 @@
+help: Log connection tracking events for UDP 
diff --git a/templates-cfg/system/conntrack/log/udp/update/node.def b/templates-cfg/system/conntrack/log/udp/update/node.def
new file mode 100644
index 0000000..2a9e6a0
--- /dev/null
+++ b/templates-cfg/system/conntrack/log/udp/update/node.def
@@ -0,0 +1 @@
+help: Log updates to UDP connections
diff --git a/templates-cfg/system/conntrack/modules/sip/node.def b/templates-cfg/system/conntrack/modules/sip/node.def
index b5a3225..121d7a4 100644
--- a/templates-cfg/system/conntrack/modules/sip/node.def
+++ b/templates-cfg/system/conntrack/modules/sip/node.def
@@ -1,8 +1,12 @@
 help: SIP connection tracking settings
 
-end: /bin/cli-shell-api existsEffective system conntrack modules sip disable && exit 0
+end: /bin/cli-shell-api exists system conntrack modules sip disable && exit 0
   reload=0
   sdm=2
+  defaultport=5060
+  portopt="ports="
+  portval=""
+  
   if [ -f /sys/module/nf_conntrack_sip/parameters/sip_direct_media ]; then
     sdm=$(sudo cat /sys/module/nf_conntrack_sip/parameters/sip_direct_media)
   fi
@@ -34,13 +38,21 @@ end: /bin/cli-shell-api existsEffective system conntrack modules sip disable &&
 	 fi
 	 (( numports++ ))
      done
-     portopt="ports=$portval"
      if [ $numports -gt 8 ]; then
      	echo "Error: Can not specify more than 8 ports."
 	exit 1
      fi
      reload=1
   fi
+  if [ "$portval" != "" ]; then
+       portopt="${portopt}$portval"
+  else
+      portopt="${portopt}$defaultport"
+  fi
+
+  if [ "$COMMIT_ACTION" == "DELETE" ]; then
+      reload=1
+  fi
 
   if [ -f /etc/modprobe.d/options ]; then
     sudo sed -i '/nf_conntrack_sip/d' /etc/modprobe.d/options